Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate JWT supported algorithms against supported set if not provided in config #161

Merged
merged 3 commits into from
Mar 15, 2021
Merged

Validate JWT supported algorithms against supported set if not provided in config #161

merged 3 commits into from
Mar 15, 2021

Conversation

austingebauer
Copy link
Contributor

Overview

This PR changes the handling of jwt_supported_algs to be consistent with the behavior prior to PR #155. This means that jwt_supported_algs will remain optional and default to the set of algorithms defined in jwt/algs.go#L12-L21 for JWT based authentication.

A default of RS256 is still used for OIDC based authentication.

Testing

I've tested that JWT auth works without needing to always provide the correct signing algorithm via jwt_supported_algs for both JWKS and static key configurations.

@austingebauer austingebauer requested review from kalafut and calvn March 15, 2021 22:03
calvn
calvn reviewed Mar 15, 2021
View reviewed changes
path_login.go Outdated Show resolved Hide resolved
path_login.go Show resolved Hide resolved
@austingebauer austingebauer requested a review from calvn March 15, 2021 23:19
@austingebauer austingebauer merged commit e8af984 into master Mar 15, 2021
@austingebauer austingebauer deleted the jwt-supported-algs branch March 15, 2021 23:38
austingebauer added a commit that referenced this pull request Mar 15, 2021
@austingebauer
Validate JWT supported algorithms against supported set if not provid…
7bbe9ad 
…ed in config (#161)
@austingebauer austingebauer mentioned this pull request Mar 15, 2021
Merged
austingebauer added a commit that referenced this pull request Mar 15, 2021
@austingebauer
Validate JWT supported algorithms against supported set if not provid…
346e942 
…ed in config (#161) (#162)
@austingebauer austingebauer mentioned this pull request Mar 16, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calvn calvn calvn approved these changes

@kalafut kalafut kalafut approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@austingebauer @kalafut @calvn